Dailydave mailing list archives

DEFCON 17 CTF Call for new Organizers!


From: "The Dark Tangent" <dtangent () defcon org>
Date: Tue, 20 Jan 2009 15:51:31 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

DEFCON 17 CTF Call for new Organizers!
Call for DEFCON Capture the Flag Organizers Version 2.0.
Please spread this announcement far and wide!
- ------------------------------------

WANTED:
An evil large multinational corporation, or...
A nefarious group of genius autonomous hackers, or...
A shadowy government organization from somewhere in the world

TO:
Host, recreate, and innovate the world's most (in)famous hacking contest.

WHY:
For everlasting fame, intrusive media interviews, the respect of your peers,
or the envy of your enemies.

Do you have what it takes and know what we're talking about?

THE STORY THUS FAR:

All things must change, and after years of hard work and consistent advances
Kenshoto has decided that it is time to let someone else have a chance to
run CTF. We will forever miss their crazy videos and clever configurations.
After taking it to the next level, creating a spectator sport out of geeks
sitting at their keyboards 0wning machines, and helping CTF gain fabulous
recognition around the world, Kenshoto has officially retired as the
organizer and host of DEFCON's CTF. The contest is not over, merely in
transition to the next keepers of the flame. This is the opportunity you and
your crew, company, or government have been waiting for!

You too can pour your heart and countless thousands of hours into planning,
producing, and executing the world's most famous contest of hacking skills.
All of the contests at DEFCON are run by volunteers, and CTF is no
different.

My intent is to make a game that's fun for its participants. Kenshoto did a
fabulous job of allowing CTF to be a team and spectator sport through
scoring visualizations, commentators, and game updates. They took it to a new
level in one area, and you can take it to another. The heart of hacking has
many facets!

CTF is made of many parts from the actual teams, the organizers, observers,
third party supporters, the press, con attendees wanting in on some action,
and those newbies wondering WTF.

YOUR CONSTRAINTS:
You must design a bad-ass contest. This contest could have a multiplayer /
team aspect, but does not have to. Your contest can be based on previous
games, but shouldn't be a mere replication of previous games. You can
determine the teams/participants before DEFCON through a pre-qualification
phase, or at the conference with a first-come, first-served approach. You can
have multiple contests (for example, one contest with individuals, one with
teams). The contest can be totally electronic, or it can take into account
social engineering, physical security bypass, even hardware modification.
You determine the constraints, size of teams, deciding if remote teams can
play - really almost everything is up in the air.

You design the network topology. You determine the rules. Your group will
determine the winner, and the losers. The idea behind this CFP is not to ask
people to reproduce past Capture the Flags, but to have your group reinvent
and create something new, based on the same creativity and energy that CTF
is known for. Challenge your friends!

YOU MUST:
Clearly communicate the rules to the participants before the contest, set up
clear eligibility requirements (if any) before the conference, set up the
network, provide any infrastructure that you wish to be part of the game,
referee the game while it is taking place, create a scoring system that
observers can view to get an idea of what is going on, and determine
winners. The easier it is for contestants to understand how to win, the more
fair the contest will feel. The contest must end no later than two hours
before the end of DEFCON (5pm Sunday) in order to provide time for final
scoring and the awards ceremony.

YOU MUST NOT:
Interfere with the DEFCON networks (i.e.: it must be a separate network),
interfere with the 'live internet', involve non-consensual parties (i.e.:
anyone who hasn't explicitly agreed to take part in the contests), take
bribes that are not equally shared with the DEFCON staff. You must be
totally neutral and fair.

In the past network traffic on CTF has been captured for later forensic
analysis and shared with the community to further IDS and network sniffer
developers. Expect that should we want to do this again there is a way to
give access to those wanting to capture traffic while not actively
participating in the contest.

SUGGESTIONS:
Allowing 'lone gunmen' to participate (not require group play). This could
be a separate contest, or they could participate in competition with teams
(handicaps for teams, perhaps).

Allowing 'outside players', perhaps a VPN connection with one representative
at DEFCON, the rest of a shadowy team located elsewhere in the globe.

Incorporating non intrusion/defense techniques to the game - stenography,
covert communication channels, riddles/puzzles, social engineering, hardware
hacking, radio direction finding, etc.

A 'theme' (like forensics, covert channels, attacking, defending,
application security, host security, etc.) that would be announced
beforehand with the contest focused around the theme.

YOU WILL BE JUDGED:
On any innovations or revolutionary enhancements to the game. On the
feasibility of your team getting all the work done (note: we will publicly
humiliate you if you get accepted and fail to perform!). On the amount of
fun (as measured in FunMeters) that participants will have.

Once you submit your ideas (Yes you can submit more than one concept) we
will start communicating with you to clarify anything we don't understand.
Feel free to ask us questions so you know what you are getting yourself
into. A group that works well together is almost a must. Ghetto Hackers and
Kenshoto did very well because they had a large enough pool of talent to
draw upon when building their automated systems.

RESOURCES WE CAN PROVIDE:
Badges to the conference and access to the CTF area for setup on Thursday,
the day before the con. Physical space roughly equal to that which has been
provided at past DEFCONs. Tables for participants to use. Screens and LCD
projectors to display data with. Network connections from the net if
necessary. Some network gear and power strips - please let us know early
what you need so we can plan for it. Prizes for the winning people or teams.
If you want to turn the CTF area into a giant free-for-all we can get the
power strips and tables. If you want it to be like years past with eight
team tables we can do that too. Want to drop some clues in the printed con
program? Want to incorporate some clues or components into the attendee
badges? We can do that too! Winning teams get a maximum of eight Black
Badges.

RESEARCH POINTERS:
If you haven't been to DEFCON before, you should understand the environment
your contest must operate in!
https://www.defcon.org/ will get you started. These may help give you an
idea about past contests, what has worked, and what hasn't.

Caezar gave a presentation on running hacking contests at Black Hat Asia
(learn from a master):
https://www.blackhat.com/presentatio...p-04-eller.pdf

A rundown of DEFCON 16 CTF by atlas of team l@stplace (DEFCON 14 and 15 CTF
Winners):
http://atlas.r4780y.com/cgi-bin/atla...080808-sk3wl3d

Walkthroughs of the last 3 CTF Competitions:
http://nopsr.us

Interview with Def Con CTF Winning Team Member Vika Felmetsger (2005):
http://taosecurity.blogspot.com/2005...f-winning.html

An article on the 2004 CTF on Network World:
http://www.networkworld.com/news/2004/080904defcon.html

Caezar's How to Win the DEFCON CTF:
https://www.defcon.org/html/defcon-1...echtv-ctf.html

So you want to play a game?

HERE IS THE PROCESS:
1. Fill out the application below. You will receive an acknowledgment that
your submission was received within 48 business hours of us receiving it
unless we are snowed in and the interwebs are broke.

2. We will use relatively simple criteria to judge your entry. 1)
Feasibility of your team pulling it off taking into consideration who is
involved in your team, resources you have, etc. 2) The amount of fun we
imagine the participants will have with your contest, 3) the coolness or
innovation you bring to the contests.

3. We will contact finalists and ask them further questions, and talk over
any questions that we will inevitably have.

4. We will announce the winner(s) as soon as we can after the close of the
CTF CFP date. It could be possible that we will choose multiple teams that
run concurrent but different types of contests.

5. We will hammer out details over the phone, participating in your game
creation (not interfering with it, just ensuring everything is going
smoothly). We will conference call with you and may fly you out to sunny
Seattle to meet with us to discuss planning for the event.

6. Kenshoto has volunteered to spend time working with the selected team,
answering their questions, explaining their process and what they learned in
designing their game. They have a lot of experience and skill so this is a
resource you will want to take advantage of.

APPLICATION:
All contact information will be kept private, and not disclosed outside the
DEFCON planning organization.

About you and your group

Name of your organization:
Name of primary contact:
Email Address of Primary contact:
Phone number of primary contact:
Number of people in your organization (that will actively be participating
in creating/planning/executing CTF):

Experience team members have had in planning events (This could be a bake
sale with 500 people, or a DoD briefing for 20 people, something that
indicates some planning experience):

Technical ability of team. This would include a general list of people's
abilities - networking, hardware, etc. - and support the idea you can pull this
off:

Physical resources (if any) that you will be bringing to help run CTF such
as a disco ball, robots or enigma machines. This is to help us plan to
accommodate it with the hotel if you require extra power or special fire
marshal approval for your Cray 1 cooling towers:

What experience have your team members had in playing CTF in the past? This
is not a requirement, but shows real-world knowledge of the game as it has
been played in the past:

Explain your vision for CTF
- -Explain, in a general manner, your vision of your CTF.
- - Explain how you hope the attendees will experience it. For example, they
sign up on-line, get a secret package in the mail, start blindfolded with an
unusual laptop? Are there certain crisis points you will introduce during
the game to confuse or add to the pressure?
- -Provide three reasons your group should host CTF.
- -How do players or teams qualify (if there are qualifications)?
- -Is it multi player or single-player, or a combination?
- -What innovations or new ideas are you bringing to CTF?
- -How long will the contest take, will it be 24x7, 8 hour shifts, etc?
- -What technical work is required to execute your plan? This includes setting
up environments beforehand, pre-qualification work if any, writing a scoring
system, etc.
- -Give an outline of the rules that will be presented to the participants:
- -Why do you want to do this?
- -What hardware resources do you request or need from DEFCON?
- -Explain what you believe is the best way to gauge a hacker's abilities, and
how your vision of the contest could do this?
- -Tell us anything else that you think may be important or that we might
consider in choosing your group to host CTF.

Send 'em in!

If you are submitting multiple ideas please make each one a separate email
so when printed and forwarded between judges there is less confusion.

Deadline is February 28th, 2009. Submissions go to ctf [at] defcon [d0t] org

A discussion area has been created on the DEFCON forums under the DEFCON 17
Events section to cover new ideas, ask for feedback, and get an idea of what
is going on.
https://forum.defcon.org/forumdisplay.php?f=458

New announcements will be on the main DEFCON web site as well:
https://www.defcon.org/

Feel free to join the discussion, ask people for feedback on your ideas, ask
questions... use all the resources at your disposal!

Thank you!
The Dark Tangent


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.9.1 (Build 287)
Charset: us-ascii

-----END PGP SIGNATURE-----